Category: Active Directory
-
On Connect Woes & Broken AD Links
I woke up this morning to an email that read: Password Hash Synchronization heartbeat was skipped in last 120 minutes. While this happens for no apparent reason from time to time, I logged in four hours after the email came in and noticed the issue had not been resolved. I went to log into my…
-
Domain vs. Entra… or both?
This will be the first of a multi-part series on configuring and managing device Identity and Access Management (IAM) for Microsoft In the year 2000, Windows 2000 Server was released, and with it came a new era of authentication. Microsoft introduced Active Directory to the world, which would later be known as Active Directory Domain…
-
Entra ID Connect: Starting Over
Because I do not always run my demo environments following industry best practices, I occasionally find myself in a situation where things might be… horked. That is to say, my on-prem lab (including the Active Directory domain) gets wiped, and I rebuild it from scratch. It is something that I usually enjoy doing, and until…
-
Linux on Active Directory
I remember a decade or so ago when Microsoft tried to reach out to the Open Source community and get them to give their products and environments a chance. ‘Microsoft loves Linux!’ was the slogan, with a big heart in there. I remember joking with some of my colleagues that they really did not, but…
-
Creating AD User Accounts Using PowerShell
Whenever someone tells me that my insistence that domain controllers should never have a GUI (Graphical User Interface) I introduce them to the Remote Server Administration Tools, and all is well. Yes, you can manage your Active Directory Domain Services (AD DS) from the comfort of your Windows 11 (or Windows 10) PC with the…
-
HAADJ: Group Policy to Cloud Policy
**DISCLOSURE: While I am contracted to Microsoft Corporation, I am not an employee. The articles that I write are not meant to represent the company, nor are they meant to represent me as an employee or spokesman for the company. As has always been the case, all articles on this website represent me and nobody…
-
Domain Controller to the Core
-
Renaming Your Domain
-
Creating a Lab Domain in PowerShell
I am spending a lot of time in Microsoft 365 these days. Because of my new contract, I found myself needing to build a lab environment from scratch. Yes, I am working in Azure AD, but for my role I realized it would be helpful to have an on-premise Active Directory Domain Services environment, in…
-
AzureAD: Joining is easy!
There was a time, years ago, when I maintained my own Active Directory infrastructure. I was living with my family in Canada, I had server racks in the basement, and my company required my having AD that I could use and often demo. Those days are long gone. I now live in an apartment in…
-
Domain Controller Ports
Recently I was asked by a client to produce a list of firewall ports that are used by Active Directory Domain Services (AD DS), specifically those for domain controllers. This is what I came up with: TCP and UDP 389 Directory, Replication, User and Computer Authentication, Group Policy, Trusts LDAP TCP 636 Directory, Replication, User…
-
A PowerShell Gotcha
I was bulk-creating users for a test environment today, and in doing so, I borrowed a script from an article online, which set the password for all users to ‘Pa$$word’. I usually use a variation on the same for test environments, but I opted to leave this one as it was. The script worked. A…
-
Delegating Control in Active Directory
I have been saying for years that a good IT department in a secure, well-managed infrastructure will give their end users the tools they need to do their job… and nothing more. If that is true for end users, shouldn’t it also be true for the IT department themselves? It is frustrating to see the…
